Allow Exceptions in any inherited group to override negation of permissions.

This commit is contained in:
ElgarL 2014-03-27 01:50:00 +00:00 committed by KHobbits
parent 8f810ad447
commit 92bb4e0e66
3 changed files with 50 additions and 11 deletions

View File

@ -16,7 +16,7 @@
<arguments> <arguments>
<dictionary> <dictionary>
<key>LaunchConfigHandle</key> <key>LaunchConfigHandle</key>
<value>&lt;project&gt;/.externalToolBuilders/GroupManager.launch</value> <value>&lt;project&gt;/.externalToolBuilders/GroupManager_Builder.launch</value>
</dictionary> </dictionary>
</arguments> </arguments>
</buildCommand> </buildCommand>

View File

@ -222,4 +222,5 @@ v 2.0:
- Store worldSelection indexed on the senders name rather than the object (fixes commandblocks using manselect). - Store worldSelection indexed on the senders name rather than the object (fixes commandblocks using manselect).
- Check subgroup permissions with an equal priority so no one subgroup is higher ranked than another. - Check subgroup permissions with an equal priority so no one subgroup is higher ranked than another.
- add recursive permission adding/deleting - add recursive permission adding/deleting
- Prevent adding sub groups for ranks the granting player doesn't have access to. - Prevent adding sub groups for ranks the granting player doesn't have access to.
- Allow Exceptions in any inherited group to override negation of permissions.

View File

@ -5,6 +5,7 @@
package org.anjocaido.groupmanager.permissions; package org.anjocaido.groupmanager.permissions;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet; import java.util.LinkedHashSet;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
@ -13,8 +14,8 @@ import java.util.Set;
import org.anjocaido.groupmanager.GroupManager; import org.anjocaido.groupmanager.GroupManager;
import org.anjocaido.groupmanager.data.Group; import org.anjocaido.groupmanager.data.Group;
import org.anjocaido.groupmanager.dataholder.WorldDataHolder;
import org.anjocaido.groupmanager.data.User; import org.anjocaido.groupmanager.data.User;
import org.anjocaido.groupmanager.dataholder.WorldDataHolder;
import org.anjocaido.groupmanager.utils.PermissionCheckResult; import org.anjocaido.groupmanager.utils.PermissionCheckResult;
import org.bukkit.Bukkit; import org.bukkit.Bukkit;
import org.bukkit.entity.Player; import org.bukkit.entity.Player;
@ -121,6 +122,7 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
public Set<String> getAllPlayersPermissions(String userName, Boolean includeChildren) { public Set<String> getAllPlayersPermissions(String userName, Boolean includeChildren) {
Set<String> playerPermArray = new LinkedHashSet<String>(); Set<String> playerPermArray = new LinkedHashSet<String>();
Set<String> overrides = new LinkedHashSet<String>();
// Add the players own permissions. // Add the players own permissions.
playerPermArray.addAll(populatePerms(ph.getUser(userName).getPermissionList(), includeChildren)); playerPermArray.addAll(populatePerms(ph.getUser(userName).getPermissionList(), includeChildren));
@ -147,18 +149,39 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
// Add all group permissions, unless negated by earlier permissions. // Add all group permissions, unless negated by earlier permissions.
for (String perm : groupPermArray) { for (String perm : groupPermArray) {
boolean negated = (perm.startsWith("-")); boolean negated = (perm.startsWith("-"));
// Overridden (Exception) permission defeats negation.
if (perm.startsWith("+")) {
overrides.add(perm.substring(1));
continue;
}
// Perm doesn't already exists and there is no negation for it // Perm doesn't already exists and there is no negation for it
// or It's a negated perm where a normal perm doesn't exists (don't allow inheritance to negate higher perms) // or It's a negated perm where a normal perm doesn't exists (don't allow inheritance to negate higher perms)
if ((!negated && !playerPermArray.contains(perm) && !wildcardNegation(playerPermArray, perm)) || (negated && !playerPermArray.contains(perm.substring(1)) && !wildcardNegation(playerPermArray, perm.substring(1)))) if ((!negated && !playerPermArray.contains(perm) && !wildcardNegation(playerPermArray, perm)) || (negated && !playerPermArray.contains(perm.substring(1)) && !wildcardNegation(playerPermArray, perm.substring(1))))
playerPermArray.add(perm); playerPermArray.add(perm);
if (perm.startsWith("+") && wildcardNegation(groupPermArray, perm.substring(1))) {
playerPermArray.add(perm.substring(1));
}
} }
} }
} }
// Process overridden permissions
Iterator<String> itr = overrides.iterator();
while (itr.hasNext()) {
String node = itr.next();
if (playerPermArray.contains("-" + node)) {
playerPermArray.remove("-" + node);
}
playerPermArray.add(node);
}
// Collections.sort(playerPermArray, StringPermissionComparator.getInstance()); // Collections.sort(playerPermArray, StringPermissionComparator.getInstance());
return playerPermArray; return playerPermArray;
@ -1001,17 +1024,34 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
if (start == null || targetPermission == null) { if (start == null || targetPermission == null) {
return null; return null;
} }
LinkedList<Group> stack = new LinkedList<Group>(); LinkedList<Group> stack = new LinkedList<Group>();
List<Group> alreadyVisited = new ArrayList<Group>(); List<Group> alreadyVisited = new ArrayList<Group>();
PermissionCheckResult result = new PermissionCheckResult();
stack.push(start); stack.push(start);
alreadyVisited.add(start); alreadyVisited.add(start);
// Set defaults.
result.askedPermission = targetPermission;
result.resultType = PermissionCheckResult.Type.NOTFOUND;
while (!stack.isEmpty()) { while (!stack.isEmpty()) {
Group now = stack.pop(); Group now = stack.pop();
PermissionCheckResult resultNow = checkGroupOnlyPermission(now, targetPermission); PermissionCheckResult resultNow = checkGroupOnlyPermission(now, targetPermission);
if (!resultNow.resultType.equals(PermissionCheckResult.Type.NOTFOUND)) { if (!resultNow.resultType.equals(PermissionCheckResult.Type.NOTFOUND)) {
resultNow.accessLevel = targetPermission;
return resultNow; if (resultNow.resultType.equals(PermissionCheckResult.Type.EXCEPTION)) {
resultNow.accessLevel = targetPermission;
return resultNow;
}
// Negation found so store for later
// as we need to continue looking for an Exception.
result = resultNow;
} }
for (String sonName : now.getInherits()) { for (String sonName : now.getInherits()) {
Group son = ph.getGroup(sonName); Group son = ph.getGroup(sonName);
if (son != null && !alreadyVisited.contains(son)) { if (son != null && !alreadyVisited.contains(son)) {
@ -1021,9 +1061,7 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface {
} }
} }
} }
PermissionCheckResult result = new PermissionCheckResult();
result.askedPermission = targetPermission;
result.resultType = PermissionCheckResult.Type.NOTFOUND;
return result; return result;
} }